
When you search on Google, we collect information about your search, such as the query itself, IP addresses and cookie details. Previously, we kept this data for as long as it was useful. Today we’re pleased to report a change in our privacy policy: Unless we’re legally required to retain log data for longer, we will anonymize our server logs after a limited period of time. When we implement this policy change in the coming months, we will continue to keep server log data (so that we can improve Google’s services and protect them from security and other abuses)—but will make this data much more anonymous, so that it can no longer be identified with individual users, after 18-24 months.

Why 18 to 24 months? Well, I’d wager because Google is all over personalization and doesn’t want to hobble itself. More soon…

8 thoughts on “Google Takes New Privacy Steps: A Start”

Personalized search uses data that’s kept separate and unaffected by the change. In other words, when they alter this data, that doesn’t alter your personalized search / search history information. That data stays active as long as users allow it to remain.

The big question is what does it mean to “anonymize our server logs after a limited period of time”?

AOL found out the hard way that what they thought was anonymous. As long as you can put together a single user’s search activity over time, it’s fairly easy to identify someone. Hell, even one unlucky query can identify someone.

Or is correct. The European Data Retention Directive requires that data be kept for a period of 6 to 24 months. Individual countries are now implementing the directive in national legislation, and it looks like they are choosing a retention period of 12 to 18 months. Google will go with data retention for at least 18 months (proposed in the Netherlands) because I guess it wouldn’t be worth the effort to differentiate between Google users of the different EU countries.

Retention is going to be a selling point for online services in the future, not just to address individuals’ privacy concerns but to be able to fit businesses’ existing retention policies.

What is likely to happen:
– Being able to set your own retention periods as part of the service preferences
– A separation of service and personal (or corporate) data: you decide where your data is stored

Does this mean they won’t link one search phrase to the next? Part of search isn’t just the meta data, but the search itself. If I search for “movies 45202” I’ve already put my location info into the search. So, if my searches are still saved with a unique id linking one another, someone could easily assume that all the searches are from someone within the 45202 zip code. Add any other info that I randomly search for regarding a local business or something of that sort and you have more evidence pointing to the user.

Considering this I really wonder how far they are willing to take the anonymity.